In early days, computer systems worked independently and rarely communicated with each other. Today, however, it is well known that interconnecting computer systems with networks, such as local area networks (LAN) or wide area networks (WAN), greatly enhances the sharing of information, services and other resources available via the network. A network interface card (NIC) is usually employed for exchanging data between the host system and the network. A conventional NIC commonly includes interfaces to connect the host system and the network via the NIC. The conventional NIC may have a packet buffer to store data packets received by the NIC and a controller to control the packet buffer forwarding the data packets at an appropriate time.
As a result of interconnection of data networks, security has become a major concern for the connected host systems and networks. Unauthorized access to a company's data network can result in a loss of valuable proprietary information of the company. Furthermore, unauthorized access can also result in attacks to data network and computing system of the company, causing a loss of data or a crash. Hence, in an interconnected world, it is crucial for network users to protect their information and computer system. Various methods and devices have been used to enhance network security, including firewalls, identification and authentication (I&A), intrusion detectors, cryptography (particularly public key cryptography) and virtual private networks (VPN).
Network security has concentrated on the use of firewalls. Typically, firewalls are located at strategic points in the network such that all incoming and outgoing data traffic must pass through a firewall. Firewalls have been used to protect an organization's internal resources from the external Internet by passing certain protocols (e.g. email, name services) into the protection perimeter, but filtering out all protocols not explicitly listed. The firewalls attempt to isolate a specific intranet from the remainder of the Internet. Firewalls provide proxy servers that stand between the external network and internal resources and the proxy servers pre-validate external requests.
The implementation of host system using security software such as firewalls to operate security defense against unauthorized data packets has provided certain protection for the host systems and the networks. However, the security software consumes much resource of the computer system. Moreover, if some unsafe information such as an attack packet reaches the host system, the host system may be affected before the firewall cleans up the attack packet.